Apache Upgrade from 1.3.37 to 1.3.39

Changes with Apache 1.3.39

*) SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset “detection”. Reported by Stefan Esser. [Joe Orton]

*) SECURITY: CVE-2007-3304 (cve.mitre.org)
Ensure that the parent process cannot be forced to kill non-child
processes by checking scoreboard PID data with parent process
privately stored PID data. [Jim Jagielski]

*) mime.types: Many updates to sync with IANA registry and common
unregistered types that the owners refuse to register. Admins
are encouraged to update their installed mime.types file.
PR: 35550, 37798, 39317, 31483 [Roy T. Fielding]

Posted in News. No Comments »

Comments are closed.